Skip to content

runtime: Implement MVP support for block-based emptyDir #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
sprt wants to merge 7 commits into
base: msft-main
Choose a base branch
from
Draft

runtime: Implement MVP support for block-based emptyDir #419

sprt wants to merge 7 commits into from

Conversation

@sprt
Copy link

@sprt sprt commented Nov 19, 2025
edited
Loading

User-facing changes

  • Users need to specify the disk sizeLimit via an annotation because K8s doesn't pass the its sizeLimit parameter over CRI, e.g.:
  annotations:
    io.katacontainers.volumes.emptydir_sizelimit.scratch: 1G

Servicing changes

  • Add the below flag to containerd config so that containerd forwards the sizeLimit annotation to Kata:
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
   runtime_type = "io.containerd.kata.v2"
   privileged_without_host_devices = true
+  pod_annotations = ["io.katacontainers.volumes.emptydir_sizelimit.*"]

Current gaps with final implementation

  • Format fs in the guest instead of host
  • Kata config flag to enable block-based emptyDir
  • Policy support

Bugs

root@busybox:/scratch# dd if=/dev/zero of=output.bin bs=1M count=80 oflag=direct
command terminated with exit code 255

then df -hT shows virtiofs

Demo

# busy.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  annotations:
    io.katacontainers.volumes.emptydir_sizelimit.scratch: 1G
spec:
  runtimeClassName: kata
  containers:
  - image: docker.io/library/busybox:latest
    name: container
    command: ["sleep", "inf"]
    volumeMounts:
    - name: scratch
      mountPath: /scratch
  volumes:
  - name: scratch
    emptyDir:
      sizeLimit: 1G # No effect with block-based

Below you notice that the mount source is ext4 (instead of virtiofs today) and the fs type is ext4 (instead of overlay today):

$ kubectl apply -f busy.yaml
pod/busybox created
$ kubectl exec -it busybox -c container -- df -hT | grep scratch
/dev/vdb             ext4          920.3M    260.0K    856.4M   0% /scratch

@sprt sprt changed the title Sprt/blk emptydir runtime: Implement MVP support for block-based emptyDir Nov 19, 2025
Apokleos and others added 2 commits November 20, 2025 13:21
@Apokleos @sprt
runtime: Make csi-directvolume-kata works well with runtime
7510cac 
As csi-directvolume-kata will use raw file on the host as the
backend of a virtio-blk block device, and it is treated as just a
regular file, which cause runtime label it unsupported device type.
To correct such case, this patch supports it.

Another important factor related to the issue kata-containers#11296, as it said that,
the Options with bind does cause it fail. But in my test with runtime-rs,
it works well. So in this patch, I just remove the related Option
assignment from the m.Option

Fixes kata-containers#11296

Signed-off-by: Alex Lyn <alex.lyn@antgroup.com>
@sprt
runtime: Implement MVP support for block-based emptyDir
6e99628 
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
@sprt sprt force-pushed the sprt/blk-emptydir branch from 16fcf5d to 6e99628 Compare November 20, 2025 13:21
sprt added 5 commits December 4, 2025 14:44
@sprt
poc: Format fs in guest instead
f24905f 
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
@sprt
cont
8f7f91e 
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
@sprt
debug: Hardcode disk path to /foo.img
f1f0c6d 
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
@sprt
debug
86256c6 
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
@sprt
debug: add -m=0
76e9331 
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sprt @Apokleos